Added Layer Of Obscurity: Finding a non-standard port for your service

Designing your security model using only obscurity is always a bad idea, but after sound measures have been put in place, an added layer of obscurity might make the service/account harder to find for the malicious, and lower the resources wasted by their brute forcing, etc.

An example would be the changing of private services (e.g. SSH) to run on non-standard ports (I see this frequently recommended as part of hardening guides anyway; there’s port knocking too which could be even better, but that’s not the point of this post).

In the example of hiding SSH ports, the question then comes: what port to use? One of the many ways is to make use of nmap’s frequently used ports list to help make a decision. Nmap scans using the top 1000 frequently used ports in a normal scan (although we change the scan to scan based on any top n used ports too). So we run this in a shell to list the top 1000 (or n of your fancy) used ports: